Google Cloud announced the introduction of mandatory multifactorial authentication (MFA) for all users by 2025. This measure aims to enhance account protection, particularly in the face of increasing threats such as phishing and compromised accounting data. Google emphasized that MFA safeguards user data without complicating the authorization process.
The implementation of mandatory MFA will occur in phases:
- At the initial stage (commencing in November 2024), the company will advise users to transition to MFA, providing reminders and instructions within the Google Cloud console.
- During the second stage (early 2025), MFA will become compulsory for all users enrolled in the password system. Users must enable MFA to continue using Google Cloud tools, including Google Cloud Console, Firebase Console, and Gcloud.
- The final stage (end of 2025) will see the enforcement of MFA for all users utilizing federal authentication with Google Cloud.
Google initiated the introduction of multifactorial authentication for consumers in 2011 by launching a two-step verification process. This approach gained widespread adoption due to its simplicity and effectiveness in combating password compromises.
However, in response to more advanced attacks, the company introduced additional security measures like security keys and access keys that simplify authentication through biometric verification.
The mandate for mandatory MFA in Google Cloud aligns with recommendations from IB specialists and the CISA agency, which found that users with MFA activated are 99% less likely to fall victim to attacks.
Users looking to set up MFA can already enable a free two-step verification for their Google accounts. To do this, they can visit the security settings on the website secret.google.com and activate two-step verification in the “How you sign in to Google” section.